Using the Static Flaw Information Endpoint

You can use the static_flaw_info endpoint of the Veracode Findings API to get additional information about a single finding discovered during a static analysis.

The Findings API is explained in Using the Findings REST API.

The static_flaw_info endpoint returns this information:
  • Name of the scanned module
  • Path to the file that contains the finding
  • Name of the function that contains the finding
  • Code line numbers where the finding exists
  • Attack vectors associated with the request
  • Calls in the associated call stack

Permissions and Authentication

Before you can use all the endpoints of the Findings API, you must have one of these account types:

The API uses HMAC authentication for improved security. Before using this API, you must configure your authentication.

Ensure you access the APIs with the domain for your region.

Static Finding Data Path API Specification

The static_flaw_info endpoint uses the Static Finding Data Path API specification available from SwaggerHub.